摘要:
three-eight-nine-ds-base security update
安全等级: High
公告ID: KylinSec-SA-2024-3876
发布日期: 2024年9月20日
关联CVE: CVE-2022-1949 CVE-2024-5953
389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration.
Security Fix(es):
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.(CVE-2022-1949)
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.(CVE-2024-5953)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-1949 | KY3.4-5A | three-eight-nine-ds-base | Fixed |
| CVE-2024-5953 | KY3.4-5A | three-eight-nine-ds-base | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| cockpit-389-ds | noarch | 1.4.3.36-6.ky3_4.kb1 |
| python3-lib389 | noarch | 1.4.3.36-6.ky3_4.kb1 |
| 389-ds-base | x86_64 | 1.4.3.36-6.ky3_4.kb1 |
| 389-ds-base-devel | x86_64 | 1.4.3.36-6.ky3_4.kb1 |
| 389-ds-base-help | x86_64 | 1.4.3.36-6.ky3_4.kb1 |
| 389-ds-base-legacy-tools | x86_64 | 1.4.3.36-6.ky3_4.kb1 |
| 389-ds-base-snmp | x86_64 | 1.4.3.36-6.ky3_4.kb1 |
| 389-ds-base | aarch64 | 1.4.3.36-6.ky3_4.kb1 |
| 389-ds-base-devel | aarch64 | 1.4.3.36-6.ky3_4.kb1 |
| 389-ds-base-help | aarch64 | 1.4.3.36-6.ky3_4.kb1 |
| 389-ds-base-legacy-tools | aarch64 | 1.4.3.36-6.ky3_4.kb1 |
| 389-ds-base-snmp | aarch64 | 1.4.3.36-6.ky3_4.kb1 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
